Earlier this morning I participated in a panel at GigaOm’s Mobilize conference. Sitting on the panel with me were Alan Dabbiere, the Chairman of AirWatch, and JP Finnell, the Head of Mobile Strategy and Innovation for SAP.
You can watch the panel on demand here, and I shot a short recap of my morning at Mobilize that’s included at the bottom of this post.
There was a lot of great discussion before, during, and after the panel. Here’s an overview of my answers to some of the questions raised during the panel and by press throughout the day.
Panel moderator Cormac Foster (Research Director for Mobility at GigaOm) said that one of the big risks to an enterprise is malicious behavior within the workforce, and he asked how technology can mitigate this.
As scary as it sounds, this perspective is pretty accurate. I commented that the customer organizations with whom I meet – some of the most forward looking in their user-enablement strategies – follow the principle that their users are resourceful. These organizations understand that they need to have a strategy that delivers solutions to their users that are simple and non-intrusive – and if they do not deliver simple solutions (or no solution at all), these resourceful users will simply go around IT and use the consumer services they use in their personal lives. These users want to be efficient and effective, and they will follow the path of least resistance to get their jobs done. This is how threats can be unknowingly (and knowingly) introduced within an enterprise.
I think that organizations can do a lot to provide their users with simple, safe, manageable solutions. One example I shared was a personal one: I’m not the only “Brad Anderson” working in the technology industry (here I previously thought I was unique 🙂). There was a Brad Anderson at Dell (VP of the Dell Server Division) and another at Best Buy (former CEO). There have been times over the years when mail was sent to me that was meant for one of them. These mails were unintended, of course, but it demonstrates how easily your company’s data can be compromised by accident – to say nothing of what can happen when there is malicious intent at work.
The kind of solution we need to ensure corporate data is secure in situations like this is a Rights Management solution (like what Microsoft delivers), where the security travels with the data. If accessing high-business-impact data required an authentication to Active Directory, accidental data leakage by users would not compromise data.
The next comment from the panel touched on how much technology can really prevent bad user behaviors. Most organizations trust their end users, but they still make the effort to trust but verify. As I describe above, simple solutions that naturally integrate with the way in which users do their work can prevent accidental and innocent mistakes that cause data leaks and negatively impact a business.
If a user has malicious intent, it is a whole different ball game, and solutions are needed that not only grant access to apps and data, but also track who accessed what, when and from where in order to discover and identify these kinds of behaviors. This is something that we are working on all across Microsoft. We are delivering more and more integrated solutions across Windows, Windows Phone, System Center, Intune, Office, and Active Directory. We are very proud of the fact that our investment in these end-to-end technologies gives customers the comprehensive solutions they need.
We also discussed the growth in application management strategies and app management products. One of the trends I am seeing is that much of the conversation in the industry around devices is moving from managing settings to managing the applications and data that users want to access. This is where I think we are going to see industry vendors begin to really look at their strategies for managing devices in a much more holistic fashion and begin to approach the challenges in the context of, “What is our unified strategy for managing access to apps and data across all of the devices my users are using – PCs, tablets, phones, etc.?”
There is lots of discussion about a new category of management called MAM – Mobile Application Management. My belief is that organizations need to think about their application management strategy in end-to-end terms, rather than the fragmented approach that seems to be so common, e.g. one strategy for PCs and a different strategy for mobile devices. Your app management strategy should be all inclusive. Yes, there will likely be different access policies across these devices, but you should have a single strategy that is comprehensive and covers all your devices.
Hopefully this gives you a sense of the questions and discussion at the event. It’s been a great day, and I look forward to digging into these and other related topics more here on ITC.